Le 06/01/2012 16:54, Andrea Giammarchi a écrit :
> there is no security issue ... it's meant like that plus what Mark did
> not think about, is that if I use
>> (function () {
> function callback() {}
>> var object = {};
>> window.addEventListener("no way", object.boundTo(callback), false);
>> // later on
>>> window.removeEventListener("no way", object.boundTo(callback), false);
> }());
>>> inside a scope other objects can not reach, nobody will ever be able
> to retrieve the resulting bound function/object.
Of course, the case you show is not a problem. The problem arise when 2
potentially malicious scripts have access to the same object (Mark used
'Object' as an example).
But with modules, module loaders and the end of global scope, I wonder
to what extent this happens. i'll answer directly to Mark message to
discuss this.
David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20120106/0a8c1831/attachment.html>